Microsoft Security Bulletin Coverage (October 13, 2015)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of October 13, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-106 Cumulative Security Update for Internet Explorer

  • CVE-2015-2482 Scripting Engine Memory Corruption Vulnerability
    IPS: 11189 “Windows Scripting Engine Memory Corruption Vulnerability (MS15-108)”
  • CVE-2015-6042 Memory Corruption Vulnerability
    IPS: 11191 “Internet Explorer Memory Corruption Vulnerability (MS15-106) 3”
  • CVE-2015-6044 Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6046 Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6047 Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-6048 Memory Corruption Vulnerability
    IPS: 11192 “Internet Explorer Memory Corruption Vulnerability (MS15-106) 4”
  • CVE-2015-6049 Memory Corruption Vulnerability
    IPS: 11193 “Internet Explorer Memory Corruption Vulnerability (MS15-106) 5”
  • CVE-2015-6050 Memory Corruption Vulnerability
    IPS: 11194 “Internet Explorer Memory Corruption Vulnerability (MS15-106) 6”
  • CVE-2015-6051 Elevation of Privilege
    This is a local vulnerability.
  • CVE-2015-6052 VBScript and JScript ASLR Bypass
    IPS: 11185 “Internet Explorer ASLR Bypass Vulnerability (MS15-106) 1”
  • CVE-2015-6053 Information Disclosure Vulnerability
    IPS: 11186 “Internet Explorer Information Disclosure Vulnerability (MS15-106) 1”
  • CVE-2015-6055 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6056 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6059 Information Disclosure Vulnerability
    IPS: 11187 “Windows Scripting Engine Information Disclosure Vulnerability (MS15-106)”

MS15-107 Cumulative Security Update for Microsoft Edge

  • CVE-2015-6057 Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6058 XSS Filter Bypass in Microsoft Edge
    IPS: 9592 “Cross-Site Scripting (XSS) Attack 42”

MS15-108 Security Update for Jscript and VBScript to Address Remote Code Execution

  • CVE-2015-2482 Scripting Engine Memory Corruption Vulnerability
    IPS: 11189 “Windows Scripting Engine Memory Corruption Vulnerability (MS15-108)”
  • CVE-2015-6052 VBScript and JScript ASLR Bypass
    IPS: 11185 “Internet Explorer ASLR Bypass Vulnerability (MS15-106) 1”
  • CVE-2015-6055 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6059 Information Disclosure Vulnerability
    IPS: 11187 “Windows Scripting Engine Information Disclosure Vulnerability (MS15-106)”

MS15-109 Security Update for Windows Shell to Address Remote Code Execution

  • CVE-2015-2515 Toolbar Use After Free Vulnerability
    IPS: 11188 “Internet Explorer Toolbar Use-After-Free (MS15-109)”
  • CVE-2015-2548 Microsoft Tablet Input Band Use After Free Vulnerabiilty
    IPS: 11190 “Microsoft Tablet Input Band Use-After-Free (MS15-109)”

MS15-110 Security Updates for Microsoft Office to Address Remote Code Execution

  • CVE-2015-2555 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2556 Microsoft SharePoint Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2557 Microsoft Office Memory Corruption Vulnerability
    IPS: 3209 “MS WSDAPI Memory Corruption Attempt (MS09-063)”
  • CVE-2015-2558 Microsoft Office Memory Corruption Vulnerability
    IPS: 3210 “Titan FTP Server Information Disclosure”
  • CVE-2015-6037 Microsoft Office Web Apps XSS Spoofing Vulnerability
    There are no known exploits in the wi
    ld.
  • CVE-2015-6039 Microsoft SharePoint Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS15-111 Security Update for Windows Kernel to Address Elevation of Privilege

  • CVE-2015-2549 Windows Kernel Memory Corruption Vulnerability
    This is a local Vulnerability
  • CVE-2015-2550 Windows Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-2552 Trusted Boot Security Feature Bypass Vulnerability
    This is a local Vulnerability
  • CVE-2015-2553 Windows Mount Point Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-2554 Windows Object Reference Elevation of Privilege Vulnerability
    This is a local Vulnerability
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.